Don't fall for these text scams asking for your passwords

Cybercriminals are trying to scam consumers through text messages. Here’s how to avoid them.

If you’ve got a phone, you’ve probably received a spam text. Most of the time they’re from bar contests you drunkenly signed up for, and forgot about long ago. No? Just me? Interesting.

Either way, we all get spam. But there’s a special form of spam text that cybercriminals use to trick hapless victims into willfully giving up everything from their phone number to their Social Security number.

It’s easy to fall for these traps, but there are a few things you can do to avoid becoming a victim.

Smishing for info

Smishing, or SMS phishing, scams are similar to your standard email phishing scam, with the exception that rather than email, the scammer attempts to trick the prospective victim via a text message sent to their phone rather than an email.

It’s actually an even more duplicitous way of scamming victims. That’s because text messages have a greater sense of urgency than emails. After all, if you receive a text from someone it has to be important.

When you get a smishing text, you’ll likely see something asking you to call a phone number, or, even worse, click a link to address an issue by providing your bank account, smartphone data plan or some other form of highly personal information.

A classic example of a smishing attempt. The link has been blurred to prevent others from visiting it.

Calling a phone number could result in someone talking you into giving up your Social Security number, banking information or website login information. Click on a link in your text message and it could take you to a fraudulent website meant to make you think it’s from something like your bank, wireless service provider or sometimes the Internal Revenue Service.

Clicking that link alone may saddle you with malware on your smartphone, but if you actually enter your personal information on such a site, you could be turning it over to criminals who can then take over your private accounts.

Say, for example, you give your login information for your smartphone data carrier. A criminal could then use that to capture your account and steal your phone number. They could then use that to bypass other forms of security you use, like text message-based and two-factor authentication, to protect your online accounts.

It’s not an exaggeration to say that if someone steals your information, they can take full control over some of your most private accounts.

How to avoid smishing

The best way to avoid smishing scams is to simply ignore any texts you get from numbers you don’t recognize. But some scammers can spoof their numbers to appear as though the messages are coming from numbers you might recognize. So, if you want to be especially safe, simply avoid opening any links sent to you that ask for your login information. And if you’re told to call a number, don’t do it.

If you think you’ve received a fraudulent text or call, contact your wireless carrier, or the institution the person on the other end of the line claims to represent. From there you can see if you’re being tricked, or you’ve got an actual issue. But in reality, chances are, it’s a scam.

If you do happen to open a link sent to you via text message, be sure to download an anti-malware app for your smartphone and run it immediately to sniff out any threats that you may have inadvertently downloaded to your handset.

So remain vigilant. And, above all, take a second before opening that next text.